By April 2, 2010

PayPal Security Key Card Review

A little over three years ago, PayPal and eBay announced a way to further protect your accounts with their Security Key initiative.

The premise of the Security Key is simple. A single, hardware key is assigned to your account. Every sixty seconds or so, a new numeric key is generated using RSA’s Securid technology. Essentially, your key uses an algorithm to create a big-ass unique random number, which is truncated down to six digit number. PayPal and eBay have software that calculates the same number, which again is unique to your card. You then log in with your normal username and password, followed by your random six digit number.

I was among the first public folks to get a key, and have used it ever since.

That is, until I lost it in February.

I canceled my lost keyfob just in case someone found it. I re-enabled “regular” log ins to PayPal and eBay after following a short protocol that involved sending a SecurID-generated number to my mobile phone via a text message. I was so pleased with the way the Security Key worked with my PayPal and eBay accounts that I didn’t mind paying the $5 to get another one.

This time PayPal offered a credit card-sized Security Key in addition to the egg-shaped keyfob I had for almost three years. Sometimes I didn’t have the fob when I needed it; it was a little weird to tote around. This time I opted for the credit card Key. It arrived about two weeks later.

The credit card-shaped Key works a lot like my old keyfob. If you need a new number, you press a button. The PayPal FAQ says the keyfob generates a new number every thirty seconds, but this isn’t true. You have to push a button with both types of Security Keys.

I put my new Key in my wallet, along with my other credit cards and crap. I was concerned that I would inadvertently activate the Security Key by sitting down. I did some butt-tests and found that it takes a fair amount of force to trigger the Key. In fact, it’s more like a Vulcan nerve pinch more than a “press.”

My only regret is that I can’t use this SecurID for more sites. I keep tons of “strong,” unique passwords for various Web sites thanks to KeePass, but it would be nice to just have a simple password plus the SecurID.

I’ve used the credit card Key for over a month, and highly recommend it over the keyfob design. At this point, I don’t think there are any advantages to using the original fob over the new credit card. Regardless of what you choose, it’s well worth the $5.

Strongly recommended.

Posted in: review, technology

5 Comments on "PayPal Security Key Card Review"

Trackback | Comments RSS Feed

  1. the Accountant (tm) says:

    Totally different comment. From an end user perspective the Share on Facebook link is exactly where I expect the Read More link is, I keep clicking on it! Anyway to move it to the right side? Or am I being silly? You are the expert, you tell me!

  2. drfaulken says:

    I just changed it to the share icon so it looks different from the “Read More” link — does that help?

  3. the Accountant (tm) says:

    That is much better. You remain a usability god, A GOD I SAY!!!!!!

    – slightly fanatical old school worshipper, not amused by those new up-coming peaceful DocFaulken worshippers. My Doc smites by gum!

  4. Sverny svensen says:

    I got the security key card also to replace my keychain FOB and despite your claim that it is hard to activate it when in your wallet I did experience pulling out a dead card after only one week of use. This is not a good design. I called paypal and they promptly sent me a replacement for no charge so to prevent this from happening again I will glue a small washer around the “press” button so it will not be pushed accidently while in my wallet.

  5. DrFaulken says:

    I think you may have gotten a bad card. Mine is still going strong after eighteen months of sitting on it 🙂 The design seems just fine.